Fighting Spammers With Honeypots

Nov 26, 2003 1:36AM PST

Abstract
Like most advertising flyers found in postal mailboxes, millions of emails -- now classically referred to as spam -- fill email inboxes around the world every day. Spam can be considered as the most annoying cyber-pollution that targets all of us with tons of unsolicited emails. Those emails usually contain advertisements and spammers are paid to spread as many of them as possible.

Though spam should generally not be considered a real cyber attack, it may be difficult to distinguish between virus-contaminated emails, phishing scams and bothersome ads (those containing tricky JavaScript or specific forged HTML used to track them). Moreover, spammers slow the servers receiving legitimate emails and may cause availability problems. While spammers earn money by embarrassing people, employees and netsurfers lose time by receiving unsolicited emails -- in some cases, hundreds per day. Companies may lose money too, through lost productivity, bandwidth charges, purchasing blacklists, and so on. Typical solutions against this cyber-plague may be to filter emails received by using content analysis or blacklists, and to fix poorly configured servers.

This paper will evaluate the usefulness of using honeypots to fight spammers. The first part of the article will explain some background information on spam. Then, we will try to understand how honeypots may detect, slow and stop such activities while promoting a clean Internet. Finally we will conclude with some future perspectives.

Fighting Spammers With Honeypots: Part 1

Fighting Spammers With Honeypots: Part 2

Conclusion

This year, new mail threats have been discovered and spammers have started to use nasty new techniques.

At the beginning of November 2003, different versions of a worm called MiMail [ref 17] were launched, and some performed a Denial Of Service attack on Web servers that were dedicated to the fight against Spam. Those worms targeted the Web sites from spews.org, spamhaus.org and spamcop.net [ref 18].

By the end of October 2003, a new backdoor called Hogle (Proxy-Regate) [ref 19] was found. Its sole purpose is to infect Windows computers and to install an SMTP proxy service (running on TCP port 3355) that will be used by remote spammers. This example is not the only one, and this type of threat continues to grow very quickly (Kalshi, etc) [ref 20].

Should we consider this the end of the use of open proxies? Evil spammers spread worms all around the world to control millions of zombie hosts, and those hosts may be used to launch spam at any time. It appears to be a dark future for netsurfers.

How valuable could honeypots be in this new kind of struggle? My previous article tried to explain what could be done to fight worms with honeypots [ref 21]. We could even imagine a new type of honeypot, active honeypots, that would be able to simulate an infected computer, claiming it is infected and waiting for remote orders. That would help us with understanding the new techniques and motivations used by this new kind of dark spammer.

This sounds like an unofficial cyber war. Even commercial tools are created by spammers to fight the ******** makers [ref 22] in order to support their unwanted bulk mail activities.

To conclude this article on a more positive note, let's summarize. This paper explained how typical spammers work, as well as how honeypots could be used to detect spammers, slow spammers, or even block spammers. If people ask themselves if it is worth using honeypots and similar tools in the fight against spam, let's consider the alternative. Just look at the new worms used to attack legitimate anti-spam supporters -- they are the proof that spammers are annoyed by any attempt to defend against spam. The spammer's miscreant desire to attack legitimate organizations that defend the Internet appears to stem from their desire to make money at any cost.

Honeypots, toward a cleaner Internet.
